Bug#378463: marked as done (diff for 1.2.8rel-5.2 NMU)

To: Anibal Monsalve Salazar <anibal@debian.org>
Subject: Bug#378463: marked as done (diff for 1.2.8rel-5.2 NMU)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Mon, 16 Oct 2006 02:19:09 -0700
Message-id: <[🔎] handler.378463.D378463.116098996217633.ackdone@bugs.debian.org>
References: <E1GZOPo-0008Df-Na@spohr.debian.org> <20060716143140.GA1229@pannekake.samfundet.no>

Your message dated Mon, 16 Oct 2006 02:05:44 -0700
with message-id <E1GZOPo-0008Df-Na@spohr.debian.org>
and subject line Bug#378463: fixed in libpng 1.2.8rel-7
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

To: submit@bugs.debian.org
Subject: diff for 1.2.8rel-5.2 NMU
From: "Steinar H. Gunderson" <sesse@debian.org>
Date: Sun, 16 Jul 2006 16:31:40 +0200
Message-id: <20060716143140.GA1229@pannekake.samfundet.no>

Package: libpng
Version: 1.2.8rel-5.1
Severity: normal
Tags: patch

Hi,

Attached is the diff for my libpng 1.2.8rel-5.2 NMU.

diff -u libpng-1.2.8rel/debian/changelog libpng-1.2.8rel/debian/changelog
--- libpng-1.2.8rel/debian/changelog
+++ libpng-1.2.8rel/debian/changelog
@@ -1,3 +1,12 @@
+libpng (1.2.8rel-5.2) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Backport changes from 1.2.12 to fix a buffer overflow in
+    png_decompress_chunk; patch by Alec Berryman. [CVE-2006-3334]
+    (Closes: #377298)
+
+ -- Steinar H. Gunderson <sesse@debian.org>  Sun, 16 Jul 2006 16:27:56 +0200
+
 libpng (1.2.8rel-5.1) unstable; urgency=low
 
   * Non Maintainer Upload (closes: #356252).
only in patch2:
unchanged:
--- libpng-1.2.8rel.orig/pngrutil.c
+++ libpng-1.2.8rel/pngrutil.c
@@ -275,7 +275,7 @@
       if (ret != Z_STREAM_END)
       {
 #if !defined(PNG_NO_STDIO) && !defined(_WIN32_WCE)
-         char umsg[50];
+         char umsg[52];
 
          if (ret == Z_BUF_ERROR)
             sprintf(umsg,"Buffer error in compressed datastream in %s chunk",

--- End Message ---

--- Begin Message ---

To: 378463-close@bugs.debian.org
Subject: Bug#378463: fixed in libpng 1.2.8rel-7
From: Anibal Monsalve Salazar <anibal@debian.org>
Date: Mon, 16 Oct 2006 02:05:44 -0700
Message-id: <E1GZOPo-0008Df-Na@spohr.debian.org>

Source: libpng
Source-Version: 1.2.8rel-7

We believe that the bug you reported is fixed in the latest version of
libpng, which is due to be installed in the Debian FTP archive:

libpng12-0-udeb_1.2.8rel-7_i386.udeb
  to pool/main/libp/libpng/libpng12-0-udeb_1.2.8rel-7_i386.udeb
libpng12-0_1.2.8rel-7_i386.deb
  to pool/main/libp/libpng/libpng12-0_1.2.8rel-7_i386.deb
libpng12-dev_1.2.8rel-7_i386.deb
  to pool/main/libp/libpng/libpng12-dev_1.2.8rel-7_i386.deb
libpng3_1.2.8rel-7_all.deb
  to pool/main/libp/libpng/libpng3_1.2.8rel-7_all.deb
libpng_1.2.8rel-7.diff.gz
  to pool/main/libp/libpng/libpng_1.2.8rel-7.diff.gz
libpng_1.2.8rel-7.dsc
  to pool/main/libp/libpng/libpng_1.2.8rel-7.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 378463@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <anibal@debian.org> (supplier of updated libpng package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 16 Oct 2006 17:34:58 +1000
Source: libpng
Binary: libpng12-dev libpng12-0 libpng12-0-udeb libpng3
Architecture: source i386 all
Version: 1.2.8rel-7
Distribution: unstable
Urgency: low
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Anibal Monsalve Salazar <anibal@debian.org>
Description: 
 libpng12-0 - PNG library - runtime
 libpng12-0-udeb - PNG library - minimal runtime library (udeb)
 libpng12-dev - PNG library - development
 libpng3    - PNG library - runtime
Closes: 356252 377298 378463 393109
Changes: 
 libpng (1.2.8rel-7) unstable; urgency=low
 .
   * New maintainer. Closes: #393109.
   * ACK NMUs. Closes: #378463, #377298, #356252.
   * debian/control:
     - set Standards-Version to 3.7.2.
     - set Priority to extra for libpng12-0-udeb.
     - added ${misc:Depends} to libpng12-0 and libpng12-0-udeb
       dependency lists.
   * Added debian/watch file.
Files: 
 b38c66c97edadcc58fdb5cb42fa3cef5 700 libs optional libpng_1.2.8rel-7.dsc
 dee626d9d29a5d678f25b7ff76e446fc 16517 libs optional libpng_1.2.8rel-7.diff.gz
 d36c73ff5c40ce33dfe82bad704705b5 874 oldlibs optional libpng3_1.2.8rel-7_all.deb
 4839089a435dc41e837cb30dcc6f0cf9 114820 libs optional libpng12-0_1.2.8rel-7_i386.deb
 024f27ea6235032769bae584dfc86c40 243100 libdevel optional libpng12-dev_1.2.8rel-7_i386.deb
 0203db8529775f092ca2d38f77f8997f 70226 debian-installer extra libpng12-0-udeb_1.2.8rel-7_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFFM0dpipBneRiAKDwRArIGAJ9dAjVzYO/oaKhW+nA7cAATMefG/QCgjvjT
JUs699TlukAePl/bA660/2o=
=Hl7a
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Bug#377298: marked as done (libpng: CVE-2006-3334: DoS/buffer overflow to code execution)
Next by Date: Bug#356252: marked as done (libpng: Please add add udeb: lines to shlibs file)
Previous by thread: Bug#377298: marked as done (libpng: CVE-2006-3334: DoS/buffer overflow to code execution)
Next by thread: Bug#356252: marked as done (libpng: Please add add udeb: lines to shlibs file)
Index(es):
- Date
- Thread